A Bench of Chief Justice of India S.A. Bobde and B.R. Gavai of the Supreme Court on Friday asked the Union government and the Unique Identification Authority of India (UIDAI) to respond to a petition alleging that recent amendments to the Aadhaar law opened the back door to private players to access citizens’ sensitive personal data.
The petition was filed jointly by former Army officer S.G. Vombatkere and activist Bezwada Wilson against the legality of Aadhaar and Other Laws (Amendment) Act, 2019 and the Aadhaar (Pricing of Aadhaar Authentication Services) Regulations, 2019.
The court has tagged the case with an earlier petition filed by the same petitioners raising identical grounds against the Aadhaar and Other Laws (Amendment) Ordinance, 2019 and Aadhaar (Pricing of Aadhaar Authentication Services) Regulations, 2019.
‘Violation of fundamental rights’
The petition, filed by advocate Vipin Nair and represented by senior advocate Shyam Divan, said the law and regulations violated the fundamental rights as guaranteed under Part III of the Constitution.
“The impugned Act creates a backdoor to permit private parties to access the Aadhaar eco-system, thus enabling State and private surveillance of citizens, and the impugned Regulations permit the commercial exploitation of personal and sensitive information, which has been collected and stored for State purposes only,” it said.
The Act and Regulations were manifestly unconstitutional. They sought to relegislate certain provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. These provisions had originally enabled the commercial exploitation of personal information collected for the purposes of the State but were declared unconstitutional by the Supreme Court in the Justice Puttuswamy case, it said.
In the Puttuswamy judgment, the court found that the architecture and design of the Aadhaar project did not enable mass surveillance of persons enrolled under the Aadhaar Act. It struck down certain provisions giving an avenue for private players to access Aadhaar data, including Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which permitted private parties to use Aadhaar for authentication.
Database ‘lacks integrity’
The petitioner argued that the Aadhaar database lacked integrity. None of the data uploaded at the time of enrolment was verified by anyone.
“Permitting such a database to be linked with the existing databases of services offered under Chapter IV of the Prevention of Money Laundering Act, 2002, and Section 4 of the Indian Telegraph Act, 1885, poses a grave threat to national security by permitting unverified data to creep into these databases,” the petition said. It called the Aadhaar database a Trojan Horse.
The new amended Act created a new system of “offline verification” that purportedly bypassed the authorities and led to unprecedented opportunities for unauthorised parties to save and replicate Aadhaar related personal data, in various offline federated databases, it said.
The 2019 Act had amended Section 7 of the original Aadhaar Act and increased the ambit of Aadhaar to cover the Consolidated Fund of the States also. “This is an impermissible expansion as it violates the federal structure of India... This increases the risk of surveillance and poses an impermissible threat to privacy,” the plea said.
Through the new regulations, the UIDAI expressly sought to commercialise and gain financially through large-scale collection of the citizens’ private data and the use of Aadhaar database by private entities.
Besides, it said, Section 2(3) of the Aadhaar (Pricing of Authentication Services) Regulations 2019 demonstrated coercion by the State through arbitrarily imposing enrolment targets and for empowering itself to levy penalty charges for not achieving those targets. This was a violation of Article 14 of the Constitution.